What is the severity of CVE-2025-37878?

CVE-2025-37878 is categorized as a moderate severity vulnerability in the Linux kernel.

How do I fix CVE-2025-37878?

To fix CVE-2025-37878, update your Linux kernel to the latest patched version.

Which versions of Linux Kernel are affected by CVE-2025-37878?

CVE-2025-37878 affects specific versions of the Linux kernel that are vulnerable to the described issue.

What type of vulnerability is CVE-2025-37878?

CVE-2025-37878 is a kernel-level vulnerability specifically related to event management in the performance subsystem.

Is CVE-2025-37878 actively exploited?

As of now, there are no reports indicating that CVE-2025-37878 is being actively exploited in the wild.

Vulnerability/
CVE-2025-37878

9/5/2025

CVE-2025-37878: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init

First published: Fri May 09 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any subsequent error path within inherit_event calls free_event(), satisfying the assumptions of the cleanup code. Details: There's no clear Fixes tag, because this bug is a side-effect of multiple interacting commits over time (up to 15 years old), not a single regression. The code initially incremented refcount then assigned context immediately after the child_event was created. Later, an early validity check for child_event was added before the refcount/assignment. Even later, a WARN_ON_ONCE() cleanup check was added, assuming event->ctx is valid if the pmu_ctx is valid. The problem is that the WARN_ON_ONCE() could trigger after the initial check passed but before child_event->ctx was assigned, violating its precondition. The solution is to assign child_event->ctx right after its initial validation. This ensures the context exists for any subsequent checks or cleanup routines, resolving the WARN_ON_ONCE(). To resolve it, defer the refcount update and child_event->ctx assignment directly after child_event->pmu_ctx is set but before checking if the parent event is orphaned. The cleanup routine depends on event->pmu_ctx being non-NULL before it verifies event->ctx is non-NULL. This also maintains the author's original intent of passing in child_ctx to find_get_pmu_context before its refcount/assignment. [ mingo: Expanded the changelog from another email by Gabriel Shahrouzi. ]

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-37878?
CVE-2025-37878 is categorized as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2025-37878?
To fix CVE-2025-37878, update your Linux kernel to the latest patched version.
Which versions of Linux Kernel are affected by CVE-2025-37878?
CVE-2025-37878 affects specific versions of the Linux kernel that are vulnerable to the described issue.
What type of vulnerability is CVE-2025-37878?
CVE-2025-37878 is a kernel-level vulnerability specifically related to event management in the performance subsystem.
Is CVE-2025-37878 actively exploited?
As of now, there are no reports indicating that CVE-2025-37878 is being actively exploited in the wild.

collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/last-modified-date
agent/source
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel